The US government is urging federal employees who use Samsung Galaxy devices to update their devices as soon as possible. Apparently, there are some bugs that could allow potential attackers to access private data that would normally be inaccessible.

In June, Google listed a vulnerability in Pixel phones as CVE-2024-32896. The vulnerability was labeled “High Severity” and the accompanying advisories said it was “subject to limited, targeted exploitation.” After that, the U.S. government gave federal employees 21 days to update their Pixel devices or they would have to stop using the devices.

US federal employees should update their Galaxy devices as soon as possible

A new CISA alert includes a deadline for Galaxy phones for the same vulnerability found in Pixels. Now, U.S. government employees must update their Galaxy devices before August 28. You may be wondering why the first CISA alert for Pixel phones didn’t include Samsung Galaxy devices. That’s because at the time, the CVE-2024-32896 vulnerability was believed to only affect Google phones. However, it was later revealed that it affects all Android phones, but the original alert was never updated with that information.

The Galaxy update that fixes the vulnerability includes a fix for some bugs that would allow privilege escalation attacks. The latter essentially means that third parties could gain unauthorized access to private data on the device through certain (complex) methods. For federal employees, such vulnerabilities can be particularly serious, especially if their devices contain confidential U.S. government data.

According to Samsung, the bugs have already been exploited in the real world under certain conditions. Following the new CISA alert, several organizations and companies are likely to follow the federal government’s mandate. As with Pixel phones, it’s highly unlikely that “regular” Galaxy users will be targeted by attackers through these exploits. Still, it’s best to keep your device updated to protect your privacy and security.